New Release: Tor Browser 8.0.3

Tor Browser 8.0.3 includes newer NoScript and HTTPS Everywhere versions. Moreover, it ships with a donation banner for our end of the year campaign and includes another round of smaller fixes for Tor Browser 8 issues on Linux systems. We also switched to a newer API for our NoScript <-> Torbutton communication, which we need for the Security Slider.

dom.w3c_pointer_events.enabled=false **no mouse gestures are seen by the extension, as if it's not even turned on
dom.w3c_pointer_events.enabled=true **mouse gestures are seen by the extension, but no matter what gesture I try, only 'UP' gesture is executed

-- continuation from the last post / dom.w3c_pointer_events.enabled testing --

privacy.resistFingerprinting=true [default] **mouse gestures not seen by the extension
privacy.resistFingerprinting=false **mouse gestures and the extension works properly

As I do not know what this preference does, nor it's impact on privacy/TOR, I have set it back to default. So, once again gestures do not work. If someone can find out what exactly this preference is doing to the extension, that'd be great.

There are several other privacy.resistFingerprinting(.xxx) preferences, all of which were left on default (TRUE) during testing.

"Orange" is number one (ISP) in france
ISP = FAI in french
CBF means that he can't log in his ISP mailbox/client service.
afaik, it is not related at tor but it's related at the isp which does not allow anonymous log in (javascript required & cookies maybe) even with a vpn, it could be refused ...
first you must connect at home second allow javascript & cooky third call the client service (or by chat) if you cannot anymore. i mean it is more a server problem than a tor one.
contactez votre service client en cas 'de diffilculté de connection : c'est plus un probleme de serveur côté fai qu'un probleme avec tor (n'oubliez pas d'activez javascript et d'autorisez les cookies).
la surveillance est très forte en france : the update does not block the connection but the government maybe.

By "blocking", do you mean an almost blank page, with message something like, "bandwidth too high" ? (I don't recall words)
Often refreshing that tab fixes the problem. Other times, need to use "new circuit for this site" (in the left end of the addressbar) to fix.

same prob as others. McAfee reports the 64bit ESR Firefox update this installs as a virus. TOR 8.0.3 installs / updates earlier version fine, it updates Firefox to Firefox to 60.3.0 esr and then requests a restart. When you do, McAfee quarantines it. Did clean installs of other earlier 64bit TOR versions, same thing happened ever time after the Firefox upgrade.

Thanks for your response of the 15th re my concerns about the information I got when trying to verify the 8.0.2 bundle signature.

I have just tried to verify 8.0.3. and whilst I understand what you have said regarding 8.0.2 and the GnuPG configuration, there is still one aspect of the divergence that I get versus what your instructions say I should get that still confuses/worries me.

It is in relation to the RSA key. You say that what I should get is:
“using RSA key 0xD1483FA6C3C07136””
Whereas what I do get (again) is:
RSA key EB774491D9FF06E2

I rather thought (assumed) that something as important as the RSA key should not vary, so why does it?

suggestion : could you add at the standard toolbar the icon "home" & the icon "https everywhere" please ?
i feel it should be better with these 2 icons (https is in blue/red easily and home is helpful).
of course, the option "customize" helps but a toolbar including these ones per default should be nicer.

Yes, it's the best option. If it refused to build circuits like that, then somebody who knows your exit can narrow out what country your entry guard is in -- and if they see a bunch of connections from you, they would be able to quite quickly learn exactly which country your entry guard is in. That wouldn't be good.

Tor automatically avoids using more than one relay in a given network /16 in any circuit. I think there could be a bit more room for complexity in path selection, but complexity is bad news for anonymity (see e.g. the attack at the beginning of this comment) so we need to tread carefully.